A huge glitch on DeFi platform Compound has put $160 million at risk - with the founder begging for the money to be returned
- A botched upgrade by a
DeFiplatform has left around $160 million at risk, according to the network's founder.
- Robert Lescher was imploring users to return any
cryptothey were sent, or had claimed, after the error.
- Users exploited a bug on the
CompoundDeFi platform to drain money from a major pool of assets.
It was a very rough weekend for Compound, one of the biggest
A routine network upgrade went badly wrong, ultimately leaving $160 million worth of cryptocurrency at risk in a pool that can be drained by experts who know how to exploit the mistake, according to Compound founder Robert Lescher.
Over the weekend, Lescher was imploring users to return any cryptocurrency they may have received or claimed from the pool. He said more than $30 million had been returned on Sunday.
On Thursday, about $90 million worth of tokens was sent out to users of DeFi protocol Compound by mistake. An upgrade had gone wrong and a glitch was accidentally sending way too much money from a pool of cash called Comptroller.
But Compound's woes intensified on Sunday when users realized they could exploit the glitch to drain even more money from Compound's reservoir to the Comptroller pool.
A user took advantage of the bug to send $69 million worth of Compound's cryptocurrency,
Users exploit major Compound glitch
After Thursday's mess-up, Compound put in place patches to fix the problem of huge amounts of coins being sent to users. But because of its governance model, any changes take seven days to go through the system.
The delay meant the glitch could be exploited. Savvy users could add more money to the Comptroller pool by using a function called "drip()."
One user figured this out on Sunday night, sending $68.8 million of comp to the pool. After the Compound community realized, users started withdrawing tens of millions from Comptroller. The Block reported that only certain users can drain the pool.
Data from blockchain data page Etherscan appeared to show heavy activity in the Comptroller pool on Sunday night and into Monday, with money dripping in and flowing out. There was $43.4 million in the pool as of Monday.
Crypto expert Banteg said on Twitter that Compound faced the largest loss in a smart contract incident.
Read more: Alex Thorn went from being Fidelity's 'bitcoin viking' to leading Galaxy Digital's research team. He explains why investors shouldn't ignore the lightning network - and which networks are the most undervalued right now
Compound boss left begging for money back
Lescher's initial response to the botched upgrade on Thursday was to threaten those who had been sent too much money, saying users would be reported to the IRS and their details shared online.
He later apologized, saying the threat was a "bone-headed" approach. "I'm trying to do anything I can to help the community get some of its COMP back," he said.
Over the weekend, Lescher was thanking users who had returned the money and stepped up his calls for the rest to be returned. Lescher said 117,000 comp, worth around $37 million, had been returned by Sunday.
Compound is one of the biggest decentralized finance protocols in the world, and allows users to earn interest on their digital assets. DeFi is the use of crypto technology to create financial systems such as exchanges and lending agreements that don't need middlemen, but instead use self-executing "smart contracts."
- Towards a Greener Footprint: Prioritising Carbon-Neutrality Makes Good Businesses Sense! Are Indian Firms Making the Transition?
- Netflix confirms an ad supported tier is coming to its streaming service by year end
- Accenture, Cognizant could see revenue growth but a strong US dollar could spoil the party
- Kharif sowing is off to a weak start with extended dry spells and floods
- Best ladder for home use in India